US11095629B2ActiveUtilityA1

Retrieving access data for blockchain networks using highly available trusted execution environments

63
Assignee: ADVANCED NEW TECHNOLOGIES CO LTDPriority: Mar 29, 2019Filed: Jul 31, 2020Granted: Aug 17, 2021
Est. expiryMar 29, 2039(~12.7 yrs left)· nominal 20-yr term from priority
Inventors:Yirong Yu
H04L 9/50G06F 21/57H04L 9/3239H04L 2209/127H04L 9/0643H04L 9/3247G06F 21/53G06F 21/6218H04L 9/0637H04L 63/062H04L 2209/38
63
PatentIndex Score
0
Cited by
107
References
24
Claims

Abstract

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for retrieving data from external data sources for processing within a blockchain network. One of the methods includes receiving a request for data that includes encrypted data, the encrypted data including access data that is encrypted using a service public key of a key management node; selecting a relay system node from a plurality of relay system nodes that share a service private key of the key management node; transmitting the request to the relay system node; receiving a response provided from the relay system node, the response including result data and a digital signature, wherein the digital signature is generated based on the result data and the service private key of the key management node; and transmitting the response to a client.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A computer-implemented method for retrieving data from an external data source that is external to a blockchain network, the method comprising:
 receiving, from a client smart contract and by a relay system smart contract executing within the blockchain network, a request for retrieving the data from the external data source, the request comprising encrypted data, the encrypted data comprising access data for accessing the external data source that is encrypted using a service public key of a key management node that is external to the blockchain network; 
 selecting, by the relay system smart contract, a relay system node from a plurality of relay system nodes that are external to the blockchain network, wherein the plurality of relay system nodes are distributed with a service private key of the key management node; 
 transmitting, by the relay system smart contract, the request to the relay system node; 
 receiving, from the relay system node and by the relay system smart contract, a return result in response to the request, the return result comprising the data retrieved from the external data source obtained by the relay system node and a digital signature, wherein the digital signature is generated based on the data retrieved from the external data source and the service private key of the key management node; and 
 transmitting, by the relay system smart contract, the return result to the client smart contract. 
 
     
     
       2. The computer-implemented method of  claim 1 , further comprising:
 provisioning, by an attestation process of the key management node, the service private key and the service public key of the key management node. 
 
     
     
       3. The computer-implemented method of  claim 2 , further comprising:
 executing, by a client device, the attestation process with the key management node and an attestation service; and 
 obtaining, by the client device, the service public key of the key management node during the attestation process. 
 
     
     
       4. The computer-implemented method of  claim 3 , wherein the return result is validated by the client device using the service public key of the key management node. 
     
     
       5. The computer-implemented method of  claim 1 , wherein the plurality of relay system nodes each execute a trusted execution environment (TEE). 
     
     
       6. The computer-implemented method of  claim 1 , wherein the request is decrypted by the relay system node to obtain the access data using the service private key of the key management node. 
     
     
       7. The computer-implemented method of  claim 1 , further comprising:
 executing, by the key management node, an attestation process with each of the plurality of relay system nodes and an attestation service. 
 
     
     
       8. The computer-implemented method of  claim 7 , wherein the key management node executes a key distribution process with the plurality of relay system nodes, the key distribution process resulting the service private key of the key management node being distributed to the plurality of relay system nodes. 
     
     
       9. A non-transitory, computer-readable storage medium storing one or more instructions that, when executed by a computer system, cause the computer system to perform operations comprising:
 receiving, from a client smart contract and by a relay system smart contract executing within a blockchain network, a request for retrieving data from an external data source, the request comprising encrypted data, the encrypted data comprising access data for accessing the external data source that is encrypted using a service public key of a key management node that is external to the blockchain network; 
 selecting, by the relay system smart contract, a relay system node from a plurality of relay system nodes that are external to the blockchain network, wherein the plurality of relay system nodes are distributed with a service private key of the key management node; 
 transmitting, by the relay system smart contract, the request to the relay system node; 
 receiving, from the relay system node and by the relay system smart contract, a return result in response to the request, the return result comprising the data retrieved from the external data source obtained by the relay system node and a digital signature, wherein the digital signature is generated based on the data retrieved from the external data source and the service private key of the key management node; and 
 transmitting, by the relay system smart contract, the return result to the client smart contract. 
 
     
     
       10. The non-transitory, computer-readable storage medium of  claim 9  further comprising:
 provisioning, by an attestation process of the key management node, the service private key and the service public key of the key management node. 
 
     
     
       11. The non-transitory, computer-readable storage medium of  claim 10 , further comprising:
 executing, by a client device, the attestation process with the key management node and an attestation service; and 
 obtaining, by the client device, the service public key of the key management node during the attestation process. 
 
     
     
       12. The non-transitory, computer-readable storage medium of  claim 11 , wherein the return result is validated by the client device using the service public key of the key management node. 
     
     
       13. The non-transitory, computer-readable storage medium of  claim 9 , wherein the plurality of relay system nodes each execute a trusted execution environment (TEE). 
     
     
       14. The non-transitory, computer-readable storage medium of  claim 9 , wherein the request is decrypted by the relay system node to obtain the access data using the service private key of the key management node. 
     
     
       15. The non-transitory, computer-readable storage medium of  claim 9 , wherein the operations further comprise:
 executing, by the key management node, an attestation process with each of the plurality of relay system nodes and an attestation service. 
 
     
     
       16. The non-transitory, computer-readable storage medium of  claim 15 , wherein the key management node executes a key distribution process with the plurality of relay system nodes, the key distribution process resulting the service private key of the key management node being distributed to the plurality of relay system nodes. 
     
     
       17. A computer-implemented system, comprising:
 one or more computers; and 
 one or more computer memory devices interoperably coupled with the one or more computers and having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers, cause the one or more computers to perform one or more operations comprising: 
 receiving, from a client smart contract and by a relay system smart contract executing within a blockchain network, a request for retrieving data from an external data source, the request comprising encrypted data, the encrypted data comprising access data for accessing the external data source that is encrypted using a service public key of a key management node that is external to the blockchain network; 
 selecting, by the relay system smart contract, a relay system node from a plurality of relay system nodes that are external to the blockchain network, wherein the plurality of relay system nodes are distributed with a service private key of the key management node; 
 transmitting, by the relay system smart contract, the request to the relay system node; 
 receiving, from the relay system node and by the relay system smart contract, a return result in response to the request, the return result comprising the data retrieved from the external data source obtained by the relay system node and a digital signature, wherein the digital signature is generated based on the data retrieved from the external data source and the service private key of the key management node; and 
 transmitting, by the relay system smart contract, the return result to the client smart contract. 
 
     
     
       18. The system of  claim 17 , wherein the operations further comprise:
 provisioning, by an attestation process of the key management node, the service private key and the service public key of the key management node. 
 
     
     
       19. The system of  claim 13 , wherein the operations further comprise:
 executing, by a client device, the attestation process with the key management node and an attestation service; and 
 obtaining, by the client device, the service public key of the key management node during the attestation process. 
 
     
     
       20. The system of  claim 19 , wherein the return result is validated by the client device using the service public key of the key management node. 
     
     
       21. The system of  claim 17 , wherein the plurality of relay system nodes each execute a trusted execution environment (TEE). 
     
     
       22. The system of  claim 17 , wherein the request is decrypted by the relay system node to obtain the access data using the service private key of the key management node. 
     
     
       23. The system of  claim 17 , wherein the operations further comprise:
 executing, by the key management node, an attestation process with each of the plurality of relay system nodes and an attestation service. 
 
     
     
       24. The system of  claim 23 , wherein the key management node executes a key distribution process with the plurality of relay system nodes, the key distribution process resulting the service private key of the key management node being distributed to the plurality of relay system nodes.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.